Instituto Superior de Engenharia do Porto Mestrado em Engenharia Eletrotécnica e de Computadores Arquitetura de Computadores Virtualization with KVM and libvirt Introduction The KVM mechanism is best described in its own main web page1: KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko. Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc. Exercises 1) KVM can be used by simply passing the --enable-kvm command line parameter to QEMU. In this first exercise, we will compare the performance between the execution of a program in an emulated machine and its execution on a fully virtualized machine. 1.1) Download the arcom_vm.img and launch the distribution using QEMU in emulation mode: $ qemu-system-x86_64 arcom_vm.img 1.2) In the emulated machine, run /root/stress 100, where 100 is the number of iterations executed by the program, and measure its execution time using a clock (host application, smartphone, etc.). Note that this is the advisable procedure since time measurements in emulators and virtual machines (VMs) may be very inaccurate in several situations. Execution time:________________________________ 1.3) Shut down the virtual machine and relaunch QEMU with --enable-kvm parameter: $ qemu-system-x86_64 –enable-kvm arcom_vm.img Determine, by trial and error, the number of iterations to obtain an execution time approximately equal to the one obtained before Number of iterations with KVM:________________________________ 1 https://www.linux-kvm.org/page/Main_Page Virtualization with KVM and libvirt 1/14 ARCOM – MEEC – ISEP – 2018/2019 Working with multiple virtual machines In what follows, we will create an isolated network with two virtual machines connected to it. The network will be created using the Linux ethernet bridge mechanism. The virtual storage devices will be created using the QEMU qcow2 format. This format will be used because it provides the mechanism of backing file, i.e., the same image can be used as a base for several virtual machines. Table 1 – Raw and qcow2 QEMU disk image types Raw Qcow2 Raw is default format if no specific format is Qcow2 is an open-source format developed specified while creating disk images. Raw as an alternative to the VMWare vmdk and disk images do not have special features like Oracle Virtualbox vdi formats. Qcow2 compression, snapshot, etc. On the other provides features like compression, snapshot hand, raw disk images are faster than other and backing file. disk image types. 2) Create a directory named after your student number under /opt and grant full access permission to it for all system users: # mkdir /opt/student number # chmod 777 /opt/student_number Move all files to that directory and, from now on, keep working on that directory: # mv * /opt/student_number # cd /opt/student_number 3) Create the arcom-vm1.qcow2 and arcom-vm2.qcow2 volumes (both backed by the arcom-vm.qcow2 volume) to be used by the virtual machines: # qemu-img convert -O qcow2 arcom-vm.img arcom-vm.qcow2 # qemu-img create -f qcow2 -o backing_file=arcom-vm.qcow2 arcom-vm1.qcow2 # qemu-img create -f qcow2 -o backing_file=arcom-vm.qcow2 arcom-vm2.qcow2 # qemu-img info arcom-vm1.qcow2 The following script will be used to create a bridge with two virtual interfaces (vnet1 and vnet2) connected to it: #!/bin/sh set -x ip tuntap add vnet1 mode tap ip tuntap add vnet2 mode tap # Bring up the tap devices ip link set vnet1 up ip link set vnet2 up # Create the bridge to link the tap devices ip link add kbr0 type bridge Virtualization with KVM and libvirt 2/14 ARCOM – MEEC – ISEP – 2018/2019 # Adding the interface into the bridge is # done by setting its master to bridge_name ip link set vnet1 master kbr0 ip link set vnet2 master kbr0 # Bring up the bridge ip link set kbr0 up # Show existing bridges ip link show Save the above script as ifup and enable execution permission for its owner (chmod u+x ifup). The following script will be used to delete all interfaces created by the ifup script: #!/bin/sh set -x # Bring down the bridge ip link set kbr0 down # Delete the bridge ip link del kbr0 # Delete the tap devices ip tuntap del vnet1 mode tap ip tuntap del vnet2 mode tap Save the above script as ifdown and enable execution permission for its owner (chmod u+x ifdown). Create the isolated network by running ifup as root: # ./ifup Launch the first virtual machine, using vnet1 as ethernet adapter: # qemu-kvm arcom-vm1.qcow2 -name arcom-kvm1 -m 64 \ -netdev tap,id=hostnet0,script=no,downscript=no,ifname=vnet1 \ -device virtio-net-pci,netdev=hostnet0,mac=00:50:56:00:00:01 Note that, to enable connectivity between virtual machines, it is necessary to specify a different MAC address for each interface on the same ethernet network. Open a new terminal to launch the second virtual machine. In this case, the virtual machine will be launched as a daemon (in background and detached from the terminal, -daemonize parameter), and it will use the Virtual Network Computing (VNC) system for video output (- display vnc:0). # qemu-kvm arcom-vm2.qcow2 -name arcom-kvm2 -m 64 \ -netdev tap,id=hostnet0,script=no,downscript=no,ifname=vnet2 \ -device virtio-net-pci,netdev=hostnet0,mac=00:50:56:00:00:02 \ -daemonize -display vnc=:0 VNC is a graphical desktop sharing system where the system sharing its display acts as a server, providing the access through ports 5900 (for display :0), 5901 (for display :1) and so on. To access the remote display, a VNC client is required, such vinagre or reminna: Virtualization with KVM and libvirt 3/14 ARCOM – MEEC – ISEP – 2018/2019 Perform the static configuration of the ethernet card on each virtual machine using private IP addresses, and test the connectivity using the ping command. For instance: # ip a add 192.168.0.2/24 dev eth0 # ip link set eth0 up # ping 192.168.0.1 After the connectivity test, shutdown both virtual machines an run ./ifdown. Libvirt KVM can be more easily used via the libvirt API and tools. Libvirt provides an API to create, modify, and control virtual machines. Some examples of libvirt tools are virt-install (command line based, used only to create a virtual machine), virsh (command line based), and virt-manager (graphical interface). In this context, a virtual machine is called a “guest domain”. Each VM has an associated XML file with all its settings. In this exercise, similarly to the previous exercise, we will configure and test two virtual machines connected through an isolated virtual network. However, this time the tasks will be carried out using the libvirt tools. Create the following XML file: # cat mynet1.xml <network ipv6='yes'> <name>mynet1</name> </network> Create an isolated virtual network, named mynet1, using virsh: # virsh net-define mynet1.xml # virsh net-dumpxml mynet1 # virsh net-start mynet1 Virtualization with KVM and libvirt 4/14 ARCOM – MEEC – ISEP – 2018/2019 Create the first virtual machine using the command line tool virt-install2: virt-install --name arcom-kvm1 --ram 64 --graphics vnc --disk path=arcom-vm1.qcow2 --import --network network=mynet1,model=virtio The virtual machine is started and the virt-install command blocks until the machine is powered off. In order to power off the machine, you must connect to it (using the VNC client) and execute the poweroff command (still in the virtual machine). Afterward, the machine can be restarted, stopped and powered off using the virsh tool. To list all virtual machines managed through libvirt: # virsh list --all To start the virtual machine: # virsh start arcom-kvm1 # virsh list --all To suspend a running a virtual machine: # virsh suspend arcom-kvm1 # virsh list --all The VM is kept in memory but it won't be scheduled for execution. If you try to use the VM’s terminal, you will get no response from it. To resume execution of the virtual machine: # virsh resume arcom-kvm1 # virsh list --all The VM should become responsive again. To power off your virtual machine (i.e., the equivalent to pressing the power off button on a real machine): # virsh destroy arcom-kvm1 # virsh list --all If the guest operating system supports the Advanced Configuration and Power Interface (ACPI), a software shutdown can be requested: # virsh shutdown arcom-kvm1 To display the machine configuration in XML format: # virsh dumpxml arcom-kvm1 The same information can be obtained directly from the corresponding XML file: cat /etc/libvirt/qemu/arcom-kvm1.xml The virsh and virt-install utilities are particularly useful for scripting and for quick checks. On the other hand, the virt-manager utility provides a more user-friendly environment. Create the second VM using the virt-manager utility: 2 The –import parameter is used to build a guest around an existing disk image (the default is to install from a given installation source). The device used for booting is the first device specified via "--disk" or "--filesystem". Virtualization with KVM and libvirt 5/14 ARCOM – MEEC – ISEP – 2018/2019 # virt-manager You should be presented with a graphical window, with a list of virtual machines. You should be able to find the previously created VM: Virtualization with KVM and libvirt 6/14 ARCOM – MEEC – ISEP – 2018/2019 Virtualization with KVM and libvirt 7/14 ARCOM – MEEC – ISEP – 2018/2019 Virtualization with KVM and libvirt 8/14 ARCOM – MEEC – ISEP – 2018/2019 Complete the VM creation by pressing “Begin Installation”.